Default anti-virus scanning options for Sophos Central

  • Article ID: 119637
  • Updated: 23 Apr 2016

This article details the default anti-virus policy options for both user-based and server-based policies.

Applies to the following Sophos product(s) and version(s)
Sophos Central Admin

For real-time scanning, the following options are enabled:

  • Scan on read
  • Scan on write
  • Scan system memory
  • Scan remote files
  • Automatically clean up malware (if clean-up fails, then deny access)
  • Detect malicious behavior (HIPS)
  • Detect network traffic to command and control servers
  • Block access to malicious websites
  • Scan downloads in progress
  • Detect low-reputation files
  • Potentially Unwanted Application (PUA) scanning
    • PUAs are blocked by default. Once a PUA is detected, you will need to either authorize the application in policy or clean up the application from the Dashboard.
  • Scans executable files (does not unnecessarily scan files which cannot infect a computer)
  • Sophos Live Protection

The following are disabled:

  • Allow access to boot sector
  • Scan inside archives (Items extracted from an archive are scanned in real time regardless of this setting. In addition, the scheduled scan can be configured to scan within archives to search for dormant infected files. Scanning inside archives can add significant processing overhead, so it is not included in real-time scanning.)
  • Scan for/detect suspicious files (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Detect suspicious behaviour (malicious behaviour detection provides protection against new (“day zero”) malware)
  • Buffer overflow detection (malicious behaviour detection provides protection against new (“day zero”) malware)

For scheduled scanning:

Scheduled scanning uses the same settings as real-time scanning. In addition, the following settings specific to scheduled scans are enabled:

  • Scan for rootkits
  • Low priority scan
  • Scanning inside archives can be enabled

Notes:

  • For user-based policies, no scheduled scan is created by default. For server-based policies, a default weekly scan is configured to run at 00:00.
  • For server-based policies where the option 'Automatically exclude activity by known applications' has been checked, see article 121461 for details on the automatically configured exclusions.

 
If you need more information or guidance, then please contact technical support.
